Hello,
First of all I am very sorry I only speak a little English.
To the point:
I have connection issues to some of the LAN devices (cameras). I think I read almost whole forum and didn't find problem like mine.
I configured some firewall rules to access my cameras from WAN and connection works fine.
I'm able to reach cameras from outside of my network, but I'm not able to reach them from LAN. But the problem is that I'm not able to reach them even I use local IP addresses.
After cameras restart I'm able to get them locally for some time (up to 4 hours). Then I can reach them only from outside of my network (like LTE connection on my phone).
That's why I'm thinking about the routing issues, not the firewall.
For info: other forwarded ports are working fine (son can reach his Minecraft server using external IP, I'm able to use SMB externally and more), so I'm not pasting their config. It looks identical.
Here is my firewall config (I replaced my external IP by 111.111.111.111):
/ip firewall filter
add action=accept chain=forward comment="defconf: drop winserv" disabled=yes dst-address=!192.168.1.1 src-address=192.168.1.0/24
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Camera external" dst-address=111.111.111.111 dst-port=8100 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.100 to-ports=8100
add action=dst-nat chain=dstnat comment="Camera external" dst-address=111.111.111.111 dst-port=8102 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.102 to-ports=8102
add action=dst-nat chain=dstnat comment="Camera internal" dst-address=!192.168.1.1 dst-address-type=local dst-port=8100 protocol=tcp to-addresses=192.168.1.100 to-ports=8100
add action=dst-nat chain=dstnat comment="Camera internal" dst-address=!192.168.1.1 dst-address-type=local dst-port=8102 protocol=tcp to-addresses=192.168.1.102 to-ports=8102
add action=masquerade chain=srcnat dst-address=!192.168.1.1 src-address=192.168.1.0/24